Web Hosting Services Found Vulnerable to Multiple Flaws

A security researcher has discovered multiple one-click client-side vulnerabilities in the some of the world’s most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites’ visitors at risk of hacking.

Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains.

Some of the vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers.

Critical Flaws Reported in Popular Web Hosting Services

Yibelo tested all the below-listed vulnerabilities on all five web hosting platforms and found several account takeover, cross-scripting, and information disclosure vulnerabilities, which he documented on the Website Planet blog.

1. Bluehost—the company owned by Endurance which also owns Hostgator and iPage, and in total, the three hosting providers powers more than 2 million sites around the world. Bluehost was found vulnerable to: